I would defiantly assume both users and some Valve staff use the same passwords for multiple sites, I have no doubt some Valve staff have probably had accounts at other sites compromised and maybe even their internal network.
I think the main issue really should be that Valve has not notified users they need to change their passwords for both Steam and other sites by now. Disclosing a security breach of any customer data is mandatory by law in Australia, US, other countries and (even though some are stupid enough to use the same password for every site) Valve can be held liable by law for not notifying users the second they become aware of the breach. Fun facts and a hard to answer question persist: If the passwords on the forum DB where not well encrypted then hackers would have both the users email address and their email password. Hackers can send a username reminder from Steam and then a password reset. Now if the hackers have both your Steam username and are able to reset your password then is Steam Guard just useless account protection? Why has Valve possibly broken the law and not posted a minor update to inform users their passwords and other data may have been compromised?
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
